Beta IPv6 Support on Docker Hub Registry – Docker Blog


At Docker we’re all about our community, so we listened to your excitement about Docker Hub support for IPv6 on the public roadmap, and now we are pleased to be introducing beta IPv6 support for the Docker Hub Registry! This means if you’re on an IPv6 only network, you can now opt in to use the registry directly with no NAT64 gateway.

Internet Protocol version 4 (IPv4), in use since the 1980s, can no longer meet the world’s growing demands for globally unique address spaces and this pool will eventually be depleted. IPv6 was created as a replacement for IPv4 and it is anticipated that it will become the new internet protocol standard. This move not only increases access to Docker Hub, but positions Hub to continue being easily accessible as the world transitions to IPv6.

IPv6 adoption of Google users

Docker will now be one of the few container registries that supports IPv6. This update enables more of our community to use the world’s most popular container registry, while making sure Docker Hub is positioned to support our users in the next stage of the internet.

What does this mean for you?

IPv4 Users: Your access to Hub does not change

Dualstack Users: Can choose between IPv4 or IPv6 endpoints

  • Dualstack users will now be able to use the new IPv6-only endpoints while in beta. At a future point in time, the primary endpoints will also support IPv6.

IPv6 Only Users: able to access new IPv6 only domain

  • IPv6 only users will now be able to use the beta IPv6 endpoint without the need of a NAT64 gateway! 🎉

How to use the beta IPv6-only endpoint

If you are on a network with IPv6 support, you can begin using the IPv6-only endpoint registry.ipv6.docker.com! To login to this new endpoint simply run the following command (using your regular Docker hub credentials):

docker login registry.ipv6.docker.com

Once logged in, add the IPv6-only endpoint to the image you wish to push/pull. For example, if you wish to pull the official ubuntu image instead of running the following:

docker pull ubuntu:latest

you will run:

docker pull registry.ipv6.docker.com/library/ubuntu:latest

Note: library will only be used for official images, replace this with a namespace when applicable. For example pulling docker/dockerfile will be:

docker pull registry.ipv6.docker.com/docker/dockerfile:latest

This endpoint is only supported for push/pulls for Docker Hub Registry with the Docker CLI, Docker Desktop is not supported. The Docker Hub website and other systems will see updates for IPv6 in the future based on what we learn here.

Please note this new endpoint is only a beta – there is no guarantee of functionality or uptime and it will be removed in the future. Do not use this endpoint for anything other than testing.

Implementation

Updating networking infrastructure correctly and in an automated fashion on a high traffic network such as Docker Hub requires precision, delicacy and rigorous testing. A significant number of changes were made across our Amazon Web Services (AWS) network resources and routing stack in order to support IPv6. To give an idea of the process involved, here are some notable highlights:

Rate Limiting

In order to prevent abuse and to enforce our Docker Hub rate limiting, we limit requests based on a user’s IP address. Previously, we were limiting addresses based on the full 32-bit IPv4 addresses. To keep this consistent, we are now limiting based on full IPv4 addresses and the first 64 bits of IPv6 addresses.

We also updated our allowlist systems, which provide our large organization customers and cloud partners with unlimited access to Hub downloads. Similarly, our regulatory blocklist system was updated to include IPv6 addresses.

Load Balancing

For IPv6 connections, we’ve provisioned brand new Network Load Balancers (NLBs) which will be handling all AAAA (IPv6) traffic. These give us more performance and better scalability.

Likewise, our application load balancer configurations were updated to understand IPv6 addresses, pass those along properly to the backend applications, and correctly create logs and metrics based on those.

Software Compatibility

Docker Hub receives billions of requests per day and all of these are logged in order for us to ensure access compliance, security, and also gives us a tool to have more debugging capabilities. Due to this, our tooling and configuration required an update to ensure our logs were consistent with both IPv4 and IPv6.

Alongside logging, some applications needed an update to support Dualstack endpoints – in particular our distribution service which is now providing IPv6 access to our blob storage! Code changes were made to the registry middleware and authentication services to make sure we could serve IPv6 requests across the whole registry push/pull flow.

The Future

We’re thrilled that more users (specifically on IPv6 only networks) will now have better accessibility to Docker Hub! We’re also happy to be supporting the internet and our industry as we make the step into new this IP space.

If you have feedback on this beta release, please let us know here: https://github.com/docker/hub-feedback/issues/2165



Source link